Lucene search
K
PatchstackRecent

46662 matches found

Patchstack
Patchstack
added 2026/05/14 6:52 p.m.9 views

WordPress Notify Odoo plugin <= 1.0.1 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Legion Hunter in WordPress Plugin Notify Odoo versions = 1.0.1...

4.3CVSS5.8AI score0.00135EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/14 6:51 p.m.11 views

WordPress NEX-Forms – Ultimate Forms Plugin for WordPress plugin <= 9.1.12 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by Athul Jayaram - SecurityInfinity in WordPress Plugin NEX-Forms versions = 9.1.12...

4.9CVSS5.9AI score0.00355EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/14 6:27 p.m.10 views

NPM: Apostrophe has stored XSS via javascript: URL in Image Widget Link

NPM: Apostrophe has stored XSS via javascript: URL in Image Widget Link vulnerability discovered by ? in WordPress Npm apostrophe versions 4.29.0...

5.8AI score0.00211EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/05/14 6:27 p.m.10 views

NPM: Apostrophe has a Weak Password Recovery Mechanism for Forgotten Password and Improper Input Validation

NPM: Apostrophe has a Weak Password Recovery Mechanism for Forgotten Password and Improper Input Validation vulnerability discovered by ? in WordPress Npm apostrophe versions = 4.29.0...

5.8AI score0.0025EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/05/14 6:26 p.m.12 views

NPM: Apostrophe has authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widget

NPM: Apostrophe has authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widget vulnerability discovered by ? in WordPress Npm apostrophe versions = 4.29.0...

5.8AI score0.00197EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/05/14 6:26 p.m.10 views

NPM: Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html`

NPM: Apostrophe has default XSS via xmp raw-text passthrough in sanitize-html vulnerability discovered by ? in WordPress Npm sanitize-html versions 2.17.3...

5.8AI score0.0037EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2026/05/14 4:21 p.m.10 views

WordPress Advanced Access Manager plugin <= 7.1.0 - Bypass Vulnerability vulnerability

Bypass Vulnerability vulnerability discovered by Tiago Ventura @perses in WordPress Plugin Advanced Access Manager versions = 7.1.0...

5.8AI score0.00394EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/14 4:19 p.m.9 views

NPM: FlowiseAI: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover

NPM: FlowiseAI: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

5.8AI score0.00335EPSS
Exploits0References5Affected Software1
Patchstack
Patchstack
added 2026/05/14 4:19 p.m.7 views

NPM: FlowiseAI: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover

NPM: FlowiseAI: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

5.8AI score0.00335EPSS
Exploits0References5Affected Software1
Patchstack
Patchstack
added 2026/05/14 4:19 p.m.9 views

NPM: FlowiseAI: DatasetRow create+update mass-assignment allows cross-workspace row takeover

NPM: FlowiseAI: DatasetRow create+update mass-assignment allows cross-workspace row takeover vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

5.8AI score0.00342EPSS
Exploits0References5Affected Software1
Patchstack
Patchstack
added 2026/05/14 4:19 p.m.9 views

NPM: FlowiseAI: Dataset create+update mass-assignment allows cross-workspace dataset takeover

NPM: FlowiseAI: Dataset create+update mass-assignment allows cross-workspace dataset takeover vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

5.8AI score0.00335EPSS
Exploits0References5Affected Software1
Patchstack
Patchstack
added 2026/05/14 4:19 p.m.8 views

NPM: FlowiseAI: CustomTemplate create+update mass-assignment allows cross-workspace template takeover

NPM: FlowiseAI: CustomTemplate create+update mass-assignment allows cross-workspace template takeover vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

5.8AI score0.00335EPSS
Exploits0References5Affected Software1
Patchstack
Patchstack
added 2026/05/14 4:19 p.m.7 views

NPM: FlowiseAI: Assistant create+update mass-assignment allows cross-workspace assistant takeover

NPM: FlowiseAI: Assistant create+update mass-assignment allows cross-workspace assistant takeover vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

5.8AI score0.00335EPSS
Exploits0References5Affected Software1
Patchstack
Patchstack
added 2026/05/14 4:19 p.m.11 views

NPM: FlowiseAI: Vector Store No Permission Checks

NPM: FlowiseAI: Vector Store No Permission Checks vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

5.8AI score0.00327EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/05/14 4:18 p.m.9 views

NPM: n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints

NPM: n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints vulnerability discovered by ? in WordPress Npm n8n versions 1.123.43...

5.8AI score0.00315EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/05/14 4:18 p.m.7 views

NPM: n8n Has a Source Control Pull SQL Injection

NPM: n8n Has a Source Control Pull SQL Injection vulnerability discovered by ? in WordPress Npm n8n versions 1.123.43...

5.9AI score0.00331EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/05/14 4:17 p.m.10 views

NPM: n8n Has an XML Node Prototype Pollution Patch Bypass

NPM: n8n Has an XML Node Prototype Pollution Patch Bypass vulnerability discovered by ? in WordPress Npm n8n versions 1.123.43...

6AI score0.00634EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/05/14 4:17 p.m.7 views

NPM: n8n Has an Arbitrary File Read via Git Node

NPM: n8n Has an Arbitrary File Read via Git Node vulnerability discovered by ? in WordPress Npm n8n versions 1.123.43...

6AI score0.00632EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/05/14 4:17 p.m.9 views

NPM: n8n: HTTP Request Node Pagination Prototype Pollution to RCE

NPM: n8n: HTTP Request Node Pagination Prototype Pollution to RCE vulnerability discovered by ? in WordPress Npm n8n versions 1.123.43...

6AI score0.00632EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2026/05/14 2:58 p.m.13 views

NPM: FlowiseAI Vulnerable to Credential Data Leak

NPM: FlowiseAI Vulnerable to Credential Data Leak vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

5.8AI score0.00271EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2026/05/14 2:57 p.m.8 views

NPM: FlowiseAI: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape

NPM: FlowiseAI: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

5.8AI score0.0082EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2026/05/14 2:57 p.m.10 views

NPM: FlowiseAI has Mass Assignment in Assistant Update Endpoint that Allows Cross-Workspace Resource Reassignment

NPM: FlowiseAI has Mass Assignment in Assistant Update Endpoint that Allows Cross-Workspace Resource Reassignment vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

5.8AI score0.00274EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2026/05/14 2:57 p.m.23 views

NPM: Flowise has an MCP Security Bypass that Enables RCE

NPM: Flowise has an MCP Security Bypass that Enables RCE vulnerability discovered by ? in WordPress Npm flowise-components versions = 3.1.1...

5.8AI score
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/05/14 2:57 p.m.11 views

NPM: Flowise has an MCP Security Bypass that Enables RCE

NPM: Flowise has an MCP Security Bypass that Enables RCE vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

5.8AI score
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/05/14 2:54 p.m.13 views

NPM: FlowiseAI Exposes Basic Auth Credentials via API

NPM: FlowiseAI Exposes Basic Auth Credentials via API vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

7.1AI score0.00251EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/05/14 2:54 p.m.16 views

NPM: FlowiseAI has Mass Assignment in Chatflow Update Endpoint that Allows Cross-Workspace AgentFlow Reassignment

NPM: FlowiseAI has Mass Assignment in Chatflow Update Endpoint that Allows Cross-Workspace AgentFlow Reassignment vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

5.8AI score0.00268EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2026/05/14 2:52 p.m.19 views

NPM: FlowiseAI has Mass Assignment in Tool Update Endpoint that Allows Cross-Workspace Resource Reassignment

NPM: FlowiseAI has Mass Assignment in Tool Update Endpoint that Allows Cross-Workspace Resource Reassignment vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

5.8AI score0.00195EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2026/05/14 2:52 p.m.11 views

NPM: FlowiseAI has Mass Assignment in Variable Update Endpoint that Allows Cross-Workspace Resource Reassignment

NPM: FlowiseAI has Mass Assignment in Variable Update Endpoint that Allows Cross-Workspace Resource Reassignment vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...

5.8AI score0.00254EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2026/05/14 11:13 a.m.12 views

WordPress Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin <= 6.5.13 - Authenticated (Author+) Limited Privilege Escalation vulnerability

Authenticated Author+ Limited Privilege Escalation vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Essential Addons for Elementor versions = 6.5.13...

6.5CVSS5.8AI score0.00238EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/14 11:12 a.m.11 views

WordPress ManageWP Worker plugin <= 4.9.31 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by timomangcut in WordPress Plugin ManageWP Worker versions = 4.9.31...

7.2CVSS5.8AI score0.00264EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/14 11:5 a.m.10 views

WordPress MapGeo – Interactive Geo Maps plugin <= 1.6.27 - Interactive Geo Maps <= 1.6.27 - Reflected Cross-Site Scripting vulnerability

Interactive Geo Maps plugin = 1.6.27 - Interactive Geo Maps = 1.6.27 - Reflected Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Interactive Geo Maps versions = 1.6.27...

6.1CVSS5.8AI score0.00204EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/14 10:55 a.m.15 views

WordPress Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin <= 5.0.6 - Authenticated (Subscriber+) Time-Based Blind SQL Injection vulnerability

Authenticated Subscriber+ Time-Based Blind SQL Injection vulnerability discovered by Louis Deschanel JeanJeanLeHaxor - Patrowl in WordPress Plugin Taskbuilder versions = 5.0.6...

6.5CVSS5.9AI score0.00224EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/14 10:49 a.m.12 views

WordPress InfusedWoo Pro plugin <= 5.1.2 - Unauthenticated Arbitrary File Read vulnerability

Unauthenticated Arbitrary File Read vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin InfusedWoo Pro versions = 5.1.2...

7.5CVSS5.8AI score0.00271EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/14 10:46 a.m.11 views

WordPress InfusedWoo Pro plugin <= 5.1.2 - Unauthenticated Missing Authorization to Arbitrary Post Deletion vulnerability

Unauthenticated Missing Authorization to Arbitrary Post Deletion vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin InfusedWoo Pro versions = 5.1.2...

9.1CVSS5.8AI score0.00264EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/14 10:33 a.m.14 views

WordPress InfusedWoo Pro plugin <= 5.1.2 - Authenticated (Subscriber+) Missing Authorization to Privilege Escalation vulnerability

Authenticated Subscriber+ Missing Authorization to Privilege Escalation vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin InfusedWoo Pro versions = 5.1.2...

8.8CVSS5.8AI score0.0029EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/14 10:24 a.m.12 views

WordPress InfusedWoo Pro plugin <= 5.1.2 - Unauthenticated Missing Authorization to Privilege Escalation vulnerability

Unauthenticated Missing Authorization to Privilege Escalation vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin InfusedWoo Pro versions = 5.1.2...

9.8CVSS5.8AI score0.00439EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/14 10:10 a.m.13 views

WordPress Motors – Car Dealership & Classified Listings Plugin plugin <= 1.4.107 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by Leonid Semenenko lsemenenko in WordPress Plugin Motors versions = 1.4.107...

8.1CVSS5.8AI score0.00256EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/14 10:2 a.m.11 views

WordPress Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin <= 6.2.0 - Authenticated (Subscriber+) Authorization Bypass vulnerability

Authenticated Subscriber+ Authorization Bypass vulnerability discovered by Sander Horsman - Conda Security in WordPress Plugin FluentForm versions = 6.2.0...

8.2CVSS5.8AI score0.00234EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/14 10:1 a.m.13 views

WordPress Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin <= 6.1.21 - Authenticated (Subscriber+) Authorization Bypass vulnerability

Authenticated Subscriber+ Authorization Bypass vulnerability discovered by Sander Horsman - Conda Security in WordPress Plugin FluentForm versions = 6.1.21...

8.2CVSS5.8AI score0.00218EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/14 9:48 a.m.14 views

WordPress Career Section plugin <= 1.7 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Paolo Tresso - Wordfence in WordPress Plugin Career Section versions = 1.7...

9.8CVSS5.8AI score0.00665EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/05/14 9:38 a.m.12 views

WordPress Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin 3.4.0-3.4.1.1 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover vulnerability

Privacy-Friendly WordPress Analytics Google Analytics Alternative plugin 3.4.0-3.4.1.1 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover vulnerability discovered by ? in WordPress Plugin Burst Statistics versions 3.4.0-3.4.1.1...

9.8CVSS5.8AI score0.14608EPSS
Exploits10References1Affected Software1
Patchstack
Patchstack
added 2026/05/14 4:5 a.m.10 views

WordPress Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity plugin <= 3.3.6 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Peng Zhou in WordPress Plugin Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity versions = 3.3.6...

5.8AI score0.00245EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/14 3:52 a.m.12 views

WordPress WP Directory Kit plugin <= 1.5.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin WP Directory Kit versions = 1.5.1...

5.9AI score0.00236EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/14 12:0 a.m.14 views

WordPress FOX – Currency Switcher Professional for WooCommerce plugin <= 1.4.5 - Missing Authorization to Authenticated (Contributor+) Configuration Deletion vulnerability

Missing Authorization to Authenticated Contributor+ Configuration Deletion vulnerability discovered by Ren Voza in WordPress Plugin FOX versions = 1.4.5...

8.1CVSS5.8AI score0.00273EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/14 12:0 a.m.20 views

WordPress The7 — Website and eCommerce Builder for WordPress theme <= 14.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by João Pedro Soares de Alcântara - Kinorth in WordPress Theme The7 versions = 14.3.2...

6.4CVSS5.8AI score0.00281EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/13 7:53 p.m.9 views

WordPress Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin <= 1.7.1058 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Romain Deperne ang3L in WordPress Plugin Royal Elementor Addons versions = 1.7.1058...

6.4CVSS5.8AI score0.00255EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/13 7:52 p.m.10 views

WordPress User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin <= 5.1.5 - Unauthenticated Missing Authorization to Admin Approval Bypass vulnerability

Unauthenticated Missing Authorization to Admin Approval Bypass vulnerability discovered by Anthony Cihan Hann1bl3L3ct3r - Obviam in WordPress Plugin User Registration versions = 5.1.5...

5.3CVSS5.8AI score0.00445EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/05/13 7:51 p.m.7 views

WordPress MW WP Form plugin <= 5.1.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure vulnerability

Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure vulnerability discovered by Kirasec in WordPress Plugin MW WP Form versions = 5.1.2...

5.3CVSS5.8AI score0.00351EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/13 7:50 p.m.11 views

WordPress CC Child Pages plugin <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin CC Child Pages versions = 2.1.1...

6.4CVSS5.8AI score0.00156EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/13 6:18 p.m.13 views

WordPress Bold Page Builder plugin <= 5.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin Bold Page Builder versions = 5.6.8...

6.4CVSS5.8AI score0.00156EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities46662